CYBER BREACHES ARE IN THE NEWS

Data breach exposes 10M health records from New York insurer
Hack of Excellus is the latest in a string of attacks that, experts say, show records are more valuable than credit card numbers on the black market.

HACK BRIEF: HEALTH INSURER EXCELLUS SAYS ATTACKERS BREACHED 10M RECORDS

Data Breach at UCLA Health Exposes 4.5 Million People's Personal Information
The data potentially stolen includes names, birthdates, Social Security numbers and medical information.
conclusively rule out that possibility," UCLA Health said in a statement.


The breach, which was discovered on May 5, 2015, may date back as fé 
include UCLA Health patients, as well as providers who sought privilege 


"We take this attack on our systems extremely seriously," Dr. James Atk 
president of the UCLA Hospital System, said in a statement. "Our patien 
is a critical part of our commitment to care. We sincerely regret any impé 


"We have taken significant steps to further protect data and strengthen c 


Atkinson added. 


All those affected are being offered one free year of identity theft recove 
Anyone with questions is advised to contact (877) 534-5972. 
PRICE OF STOLEN DATA

[Chart of stolen-data prices by category; categories shown: CVV; credit card, stale data; fullz; bank account details; health credentials; credit card, market flooded; PayPal / eBay account; credit card, freshly acquired; spam email list; 'executive' credit card; zero-day; black market cost of hacking into an account; average cost to companies per compromised record.]
EXAMPLE OF TRAVELLING DATA

* "A Day in the Life of a Stolen Healthcare Record"
* Krebs on Security - Blogger
* Did an Experiment - Released fake healthcare data to see where it ends up with Bitglass
* http://www.bitglass.com/company/news/press_releases/bitglasswheresyourdata
* Within two weeks, viewed more than 1,000 times and downloaded 47 times; some activity had connections to crime syndicates in Nigeria and Russia.


HOW DO WE GET INTO THE DARKWEB? 
EASY


The Invisible Internet Project 
(I2P) 


I2P is an anonymous network, exposing a simple layer that applications 
can use to anonymously and securely send messages to each other. The 
network itself is strictly message based (a la IP), but there is a library 
available to allow reliable streaming communication on top of it (a la TCP). 
All communication is end to end encrypted (in total there are four layers of 
encryption used when sending a message), and even the end points 
("destinations") are cryptographic identifiers (essentially a pair of public 
keys). 


How does it work? 


To anonymize the messages sent, each client application has their I2P
"router" build a few inbound and outbound "tunnels" - a sequence of peers 
that pass messages in one direction (to and from the client, respectively). In 
turn, when a client wants to send a message to another client, the client 
passes that message out one of their outbound tunnels targeting one of the 
other client's inbound tunnels, eventually reaching the destination. Every 
participant in the network chooses the length of these tunnels, and in doing 
so, makes a tradeoff between anonymity, latency, and throughput according 
to their own needs. The result is that the number of peers relaying each 
end to end message is the absolute minimum necessary to meet both the 
sender's and the receiver's threat model. 


The first time a client wants to contact another client, they make a query 
against the fully distributed "network database" - a custom structured 
distributed hash table (DHT) based off the Kademlia algorithm. This is done 
to find the other client's inbound tunnels efficiently, but subsequent 
messages between them usually includes that data so no further network 
database lookups are required. 


More details about how I2P works are available. 








Anonymity Online
Protect your privacy. Defend yourself against network surveillance and traffic analysis.




What is Tor? 
Tor is free software and an open network that 
helps you defend against traffic analysis, a 
form of network surveillance that threatens 
personal freedom and privacy, confidential 
business activities and relationships, and state 
security. 

* Tor prevents people from learning your location or browsing habits.
* Tor is for web browsers, instant messaging clients, and more.
* Tor is free and open source for Windows, Mac, Linux/Unix, and Android





Why Anonymity Matters 
Tor protects you by bouncing your 
communications around a distributed network 
of relays run by volunteers all around the 
world: it prevents somebody watching your 
Internet connection from learning what sites 
you visit, and it prevents the sites you visit from 
learning your physical location. 

Family & Friends 

People like you and your family use Tor 
to protect themselves, their children, 
and their dignity while using the 


Tor Browser (about:tor)
Congratulations! 


This browser is configured to use Tor. 


You are now free to browse the Internet anonymously. 

What Next? 


Tor is NOT all you need to browse anonymously! You may need to change some of your browsing habits to ensure your identity stays safe.

Tips On Staying Anonymous »


You Can Help!


There are many ways you can help make the Tor Network faster and stronger:

* Run a Tor Relay Node »
* Volunteer Your Services »
* Make a Donation »


The Tor Project is a US 501(c)(3) non-profit dedicated to the research, development, and 
education of online anonymity and privacy. Learn more about The Tor Project » 
ONCE IN, FIND THE UNDERGROUND SITES

The domains end in .onion, e.g. http://xkclkjsfsdfs.onion

Sigaint.org / http://siqgaintevyh2rzvw.onion
Mail2Tor.com / http://mail2tor2zyjdctd.onion
Lelantos.org / http://lelantoss7bcnwbv.onion | paid accounts only, lacking customer support
AnonInbox.net / http://ncikv3idafzwy2dy.onion | paid accounts only
GuerrillaMail.com / http://grrmailb3fxpjbwm.onion
TorBox / http://torbox3uiot6wchz.onion | 100% tor, no clearnet


HOW DO WE SECURE OUR ORGANISATION? 
1) START WITH LEGISLATION, REG,
POLICIES AND GUIDELINES 





LOOK AT YOUR RISK APPETITE FROM THE BOARD 


EXAMPLE OF FINANCIAL RISK APPETITE 
THE BOARD IS ACCOUNTABLE FOR SECURITY

Boards are appointing CISOs to mitigate this risk.

* Does your organisation have a CISO?
* Does the CISO report to the Board?
* Why not?
* Does your organisation have a Cybersecurity strategy?





APPROACH TO CYBERSECURITY 


1. Architect with defence in depth. Assume threats will be inside the network.
2. Protect the data
3. Monitor with as much visibility as possible at all layers
4. Protect the un-protectable
5. Segment and segregate
6. Detect and Respond





PROTECT DETECT RESPOND 


1. Architect with defence in depth
   * Assume threats will be inside the network.
2. Firewall, segregate and segment
3. Separate based on risk profiles


PROTECT DETECT RESPOND 


1. Get visibility at all layers
   * Deep packet inspection
   * Networks
   * Endpoints
   * Gateways
2. Intelligence
   * Correlate and apply business impact. "What does this mean to our business?"
   * Darknet intelligence. Know before it happens
PROTECT DETECT RESPOND


1. Plan and know what to do when something happens
   * Comms strategy (internal and external)
      * Can you send an email from your CEO/Chairman to all staff globally?
      * Are you ready to deal with the media? Pre-approved holding statements?
      * Respond to your Board and Execs
   * Security awareness and messaging
      * Templates and processes in place to send internal and external messages
      * Is security awareness training part of employee induction or training?
2. Incident response
   * Small (Quick 1hr - 1 day investigation) - what happened? How bad is it?
   * Medium (1 day to weeks) - Deeper dive
   * Large (weeks to months/years) - Extremely serious, prosecution





APPLY A RISK-BASED APPROACH TO CYBERSECURITY 
PRIVACY AND SECURITY ASSURANCE FRAMEWORK (PSAF) 


Phase 0: Business Case & Funding (QuickLook)

* Project information
* Information Security Planning Questionnaire & Privacy Impact Assessment (QuickLook)
* Acceptance and endorsement

Phase 1: Planning & Requirements Definition

* Project information
* Change notification
* Confirmation of P0 submission
* P1 Security Risk Assessment Questionnaire
* Acceptance and endorsement

Phase 2: Solution & Service Design

* Project information
* Change notification
* Confirmation of P0 and P1 submission
* P2 Security Risk Assessment Questionnaire
* Annex 2A - Security Compliance Checklist
* Acceptance and endorsement

Phase 3: Solution & Service Build

* Project information
* Change notification
* Confirmation of P0 to P2 submission
* P3 Security Risk Assessment Questionnaire
* Annex 3A* - Security Risk Management Plan
* Annex 3B* - Security Risk Management Plan
* Acceptance and endorsement

Phase 4: Transition & Operation

* Project information
* Change notification
* Confirmation of P0 to P3 submission
* P4 Security Risk Assessment Questionnaire
* Annex 4A*
* Annex 4B*
* Annex 4C
* Annex 4D
* Acceptance and endorsement








SECURITY ASSURANCE STANDARD (SAS)
BASED ON CESG IS1 & 2

* Step 1: Model objects, analyse and catalogue the information assets, define and conduct a business impact assessment
* Step 2: Define the Focus of Interest (FoI)
* Step 3: Conduct a Threat Assessment, identify and assess the Threat Sources and estimate threat levels
* Step 4: Identify and assess the Threat Actors and estimate threat levels
* Step 5: Conduct a Vulnerability Analysis, identify compromise methods and risks, and estimate risk levels
* Step 6: Prioritise and present risks
* Step 7: Mitigation (Risk Treatment Plan)
* Step 8: PSAF Review
* Step 9: Annual Review

www.cesg.gov.uk
RISK TREATMENT

[Figure: risk treatment matrix by Threat Level; surviving cell labels: Medium, Medium]

RISK SCORES MAPPING

[Figure: risk scores mapped to Amount of Security required]

EXAMPLE SSC ARCHITECTURE

[Figure: architecture diagram; surviving layer label: Presentation]
WHAT IS ON THE CYBER HORIZON?

* Artificial Intelligence - Watching this space last 5 years
* Automation. Decisions without humans
* Fuelled by Machine Learning / Deep Learning - Hinton 2006
* Evolution of our Cyber systems to be Intelligent
* Cyber has a big data set to analyse
Big Data Landscape 2016

[Figure: Big Data Landscape 2016 chart, with sections Infrastructure, Analytics and Applications]
Not quite Skynet and Terminator
More at another talk! 
THANK YOU

gilbert.verdian@quant.network
07985 770 889
https://twitter.com/gverdian
https://www.linkedin.com/in/gverdian
http://www.gilbertverdian.com